At 10:55 PM +0100 2006/08/02, Ivan Ristic wrote:
>On 8/2/06, Chris Pepper <pepper@...> wrote:
>> I installed mod_security 1.9.4 from source in httpd 2.2.3 via
>>apxs (very easy). I am having trouble getting my rules active, and
>>was checking to see if the directives were enabled via "apachectl
>>-L", which lists available configuration directives.
>>
>> Unfortunately, the SecFilter* directives do *not* show up in
>>"apachectl -L" output (although "apachectl -M" does show the module
>>loaded, and I my security log is growing, so I know at least one
>>directive is enabled). Another user has confirmed the problem in his
>>Apache.
>>
>> This looks like a bug, with mod_security not properly
>>registering its directives.
>
>I don't think that's an ModSecurity issue. In my tests invoking httpd
>with -L shows only directives of statically compiled modules. The
>directives of modules loaded as DSOs do not appear on the list.
Ivan,
I don't have another 2.2.3 installation, but checked on
minotaur.apache.org. There dav_fs_module is loaded dynamically, and
its DAVLockDB directive shows up in -L output.
Regards,
Chris Pepper
-bash-2.05b$ hostname
minotaur.apache.org
-bash-2.05b$ pwd
/usr/local/apache2-install/people.apache.org/httpd-2.2.3/bin
-bash-2.05b$ ./httpd -h
Usage: ./httpd [-D name] [-d directory] [-f file]
[-C "directive"] [-c "directive"]
[-k start|restart|graceful|graceful-stop|stop]
[-v] [-V] [-h] [-l] [-L] [-t] [-S]
Options:
-D name : define a name for use in <IfDefine name> directives
-d directory : specify an alternate initial ServerRoot
-f file : specify an alternate ServerConfigFile
-C "directive" : process directive before reading config files
-c "directive" : process directive after reading config files
-e level : show startup errors of level (see LogLevel)
-E file : log startup errors to file
-v : show version number
-V : show compile settings
-h : list available command line options (this page)
-l : list compiled in modules
-L : list available configuration directives
-t -D DUMP_VHOSTS : show parsed settings (currently only vhost settings)
-S : a synonym for -t -D DUMP_VHOSTS
-t -D DUMP_MODULES : show all loaded modules
-M : a synonym for -t -D DUMP_MODULES
-t : run syntax check for config files
-bash-2.05b$ ./httpd -M
Loaded Modules:
core_module (static)
authn_file_module (static)
authn_default_module (static)
authz_host_module (static)
authz_groupfile_module (static)
authz_user_module (static)
authz_default_module (static)
auth_basic_module (static)
cache_module (static)
disk_cache_module (static)
include_module (static)
filter_module (static)
deflate_module (static)
log_config_module (static)
log_forensic_module (static)
env_module (static)
setenvif_module (static)
ssl_module (static)
mpm_prefork_module (static)
http_module (static)
mime_module (static)
dav_module (static)
status_module (static)
autoindex_module (static)
asis_module (static)
cgi_module (static)
dav_fs_module (static)
negotiation_module (static)
dir_module (static)
actions_module (static)
userdir_module (static)
alias_module (static)
rewrite_module (static)
so_module (static)
dav_svn_module (shared)
authz_svn_module (shared)
Syntax OK
-bash-2.05b$ ./httpd -L
<Directory (core.c)
Container for directives affecting resources located in the
specified directories
Allowed in *.conf only outside <Directory>, <Files> or <Location>
<Location (core.c)
Container for directives affecting resources accessed through
the specified URL paths
Allowed in *.conf only outside <Directory>, <Files> or <Location>
<VirtualHost (core.c)
Container to map directives to a particular virtual host,
takes one or more host addresses
Allowed in *.conf only outside <Directory>, <Files> or <Location>
<Files (core.c)
Container for directives affecting files matching specified patterns
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
<Limit (core.c)
Container for authentication directives when accessed using
specified HTTP methods
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
<LimitExcept (core.c)
Container for authentication directives to be applied when
any HTTP method other than those specified is used to access the
resource
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
<IfModule (core.c)
Container for directives based on existance of specified modules
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
<IfDefine (core.c)
Container for directives based on existance of command line defines
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
<DirectoryMatch (core.c)
Container for directives affecting resources located in the
specified directories
Allowed in *.conf only outside <Directory>, <Files> or <Location>
<LocationMatch (core.c)
Container for directives affecting resources accessed through
the specified URL paths
Allowed in *.conf only outside <Directory>, <Files> or <Location>
<FilesMatch (core.c)
Container for directives affecting files matching specified patterns
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
AuthType (core.c)
An HTTP authorization type (e.g., "Basic")
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
AuthName (core.c)
The authentication realm (e.g. "Members Only")
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
Require (core.c)
Selects which authenticated users or groups may access a
protected space
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
Satisfy (core.c)
access policy if both allow and require used ('all' or 'any')
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
AddDefaultCharset (core.c)
The name of the default charset to add to any Content-Type
without one or 'Off' to disable
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AcceptPathInfo (core.c)
Set to on or off for PATH_INFO to be accepted by handlers, or
default for the per-handler preference
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AccessFileName (core.c)
Name(s) of per-directory config files (default: .htaccess)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
DocumentRoot (core.c)
Root directory of the document tree
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ErrorDocument (core.c)
Change responses for HTTP errors
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AllowOverride (core.c)
Controls what groups of directives can be configured by
per-directory config files
Allowed in *.conf only inside <Directory>, <Files> or <Location>
Options (core.c)
Set a number of attributes for a given directory
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options
DefaultType (core.c)
the default MIME type for untypable files
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
FileETag (core.c)
Specify components used to construct a file's ETag
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
EnableMMAP (core.c)
Controls whether memory-mapping may be used to read files
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
EnableSendfile (core.c)
Controls whether sendfile may be used to transmit files
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
Protocol (core.c)
Set the Protocol for httpd to use.
Allowed in *.conf only outside <Directory>, <Files> or <Location>
AcceptFilter (core.c)
Set the Accept Filter to use for a protocol
Allowed in *.conf only outside <Directory>, <Files> or <Location>
Port (core.c)
Port was replaced with Listen in Apache 2.0
Allowed in *.conf only outside <Directory>, <Files> or <Location>
HostnameLookups (core.c)
"on" to enable, "off" to disable reverse DNS lookups, or
"double" to enable double-reverse DNS lookups
Allowed in *.conf anywhere
ServerAdmin (core.c)
The email address of the server administrator
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ServerName (core.c)
The hostname and port of the server
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ServerSignature (core.c)
En-/disable server signature (on|off|email)
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
ServerRoot (core.c)
Common directory of server-related files (logs, confs, etc.)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ErrorLog (core.c)
The filename of the error log
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ServerAlias (core.c)
A name or names alternately used to access the server
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ServerPath (core.c)
The pathname the server can be reached at
Allowed in *.conf only outside <Directory>, <Files> or <Location>
Timeout (core.c)
Timeout duration (sec)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ContentDigest (core.c)
whether or not to send a Content-MD5 header with each request
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options
UseCanonicalName (core.c)
How to work out the ServerName : Port when constructing URLs
Allowed in *.conf anywhere
UseCanonicalPhysicalPort (core.c)
Whether to use the physical Port when constructing URLs
Allowed in *.conf anywhere
Include (core.c)
Name of the config file to be included
Allowed in *.conf anywhere
LogLevel (core.c)
Level of verbosity in error logging
Allowed in *.conf only outside <Directory>, <Files> or <Location>
NameVirtualHost (core.c)
A numeric IP address:port, or the name of a host
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ServerTokens (core.c)
Determine tokens displayed in the Server: header - Min(imal),
OS or Full
Allowed in *.conf only outside <Directory>, <Files> or <Location>
LimitRequestLine (core.c)
Limit on maximum size of an HTTP request line
Allowed in *.conf only outside <Directory>, <Files> or <Location>
LimitRequestFieldsize (core.c)
Limit on maximum size of an HTTP request header field
Allowed in *.conf only outside <Directory>, <Files> or <Location>
LimitRequestFields (core.c)
Limit (0 = unlimited) on max number of header fields in a
request message
Allowed in *.conf only outside <Directory>, <Files> or <Location>
LimitRequestBody (core.c)
Limit (in bytes) on maximum size of request message body
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
LimitXMLRequestBody (core.c)
Limit (in bytes) on maximum size of an XML-based request body
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
RLimitCPU (core.c)
Soft/hard limits for max CPU usage in seconds
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
RLimitMEM (core.c)
Soft/hard limits for max memory usage per process
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
RLimitNPROC (core.c)
soft/hard limits for max number of processes per uid
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
LimitInternalRecursion (core.c)
maximum recursion depth of internal redirects and subrequests
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ForceType (core.c)
a mime type that overrides other configured type
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
SetHandler (core.c)
a handler name that overrides any other configured handler
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
SetOutputFilter (core.c)
filter (or ; delimited list of filters) to be run on the
request content
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
SetInputFilter (core.c)
filter (or ; delimited list of filters) to be run on the request body
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AddOutputFilterByType (core.c)
output filter name followed by one or more content-types
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AllowEncodedSlashes (core.c)
Allow URLs containing '/' encoded as '%2F'
Allowed in *.conf only outside <Directory>, <Files> or <Location>
PidFile (core.c)
A file for logging the server process ID
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ScoreBoardFile (core.c)
A file for Apache to maintain runtime process management information
Allowed in *.conf only outside <Directory>, <Files> or <Location>
LockFile (core.c)
The lockfile used when Apache needs to lock the accept() call
Allowed in *.conf only outside <Directory>, <Files> or <Location>
MaxRequestsPerChild (core.c)
Maximum number of requests a particular child serves before dying.
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CoreDumpDirectory (core.c)
The location of the directory Apache changes to before dumping core
Allowed in *.conf only outside <Directory>, <Files> or <Location>
AcceptMutex (core.c)
Valid accept mutexes for this platform and MPM are: default,
flock, fcntl, sysvsem.
Allowed in *.conf only outside <Directory>, <Files> or <Location>
MaxMemFree (core.c)
Maximum number of 1k blocks a particular childs allocator may hold.
Allowed in *.conf only outside <Directory>, <Files> or <Location>
TraceEnable (core.c)
'on' (default), 'off' or 'extended' to trace request body content
Allowed in *.conf only outside <Directory>, <Files> or <Location>
AuthUserFile (mod_authn_file.c)
text file containing user IDs and passwords
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
AuthDefaultAuthoritative (mod_authn_default.c)
Set to 'Off' to allow access control to be passed along to
lower modules if the UserID is not known to this module. (default is
On).
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
order (mod_authz_host.c)
'allow,deny', 'deny,allow', or 'mutual-failure'
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes Limit
allow (mod_authz_host.c)
'from' followed by hostnames or IP-address wildcards
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes Limit
deny (mod_authz_host.c)
'from' followed by hostnames or IP-address wildcards
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes Limit
AuthGroupFile (mod_authz_groupfile.c)
text file containing group names and member user IDs
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
AuthzGroupFileAuthoritative (mod_authz_groupfile.c)
Set to 'Off' to allow access control to be passed along to
lower modules if the 'require group' fails. (default is On).
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
AuthzUserAuthoritative (mod_authz_user.c)
Set to 'Off' to allow access control to be passed along to
lower modules if the 'require user' or 'require valid-user' statement
is not met. (default: On).
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
AuthzDefaultAuthoritative (mod_authz_default.c)
Set to 'Off' to allow access control to be passed along to
lower modules. (default is On.)
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
AuthBasicProvider (mod_auth_basic.c)
specify the auth providers for a directory or location
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
AuthBasicAuthoritative (mod_auth_basic.c)
Set to 'Off' to allow access control to be passed along to
lower modules if the UserID is not known to this module
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
CacheEnable (mod_cache.c)
A cache type and partial URL prefix below which caching is enabled
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheDisable (mod_cache.c)
A partial URL prefix below which caching is disabled
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheMaxExpire (mod_cache.c)
The maximum time in seconds to cache a document
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheDefaultExpire (mod_cache.c)
The default time in seconds to cache a document
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheIgnoreNoLastMod (mod_cache.c)
Ignore Responses where there is no Last Modified Header
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheIgnoreCacheControl (mod_cache.c)
Ignore requests from the client for uncached content
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheStorePrivate (mod_cache.c)
Ignore 'Cache-Control: private' and store private content
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheStoreNoStore (mod_cache.c)
Ignore 'Cache-Control: no-store' and store sensitive content
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheIgnoreHeaders (mod_cache.c)
A space separated list of headers that should not be stored
by the cache
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheLastModifiedFactor (mod_cache.c)
The factor used to estimate Expires date from LastModified date
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheRoot (mod_disk_cache.c)
The directory to store cache files
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheDirLevels (mod_disk_cache.c)
The number of levels of subdirectories in the cache
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheDirLength (mod_disk_cache.c)
The number of characters in subdirectory names
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheMinFileSize (mod_disk_cache.c)
The minimum file size to cache a document
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheMaxFileSize (mod_disk_cache.c)
The maximum file size to cache a document
Allowed in *.conf only outside <Directory>, <Files> or <Location>
XBitHack (mod_include.c)
Off, On, or Full
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options
SSIErrorMsg (mod_include.c)
a string
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
SSITimeFormat (mod_include.c)
a strftime(3) formatted string
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
SSIStartTag (mod_include.c)
SSI Start String Tag
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSIEndTag (mod_include.c)
SSI End String Tag
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSIUndefinedEcho (mod_include.c)
String to be displayed if an echoed variable is undefined
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
FilterDeclare (mod_filter.c)
filter-name [, filter-type]
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options
FilterProvider (mod_filter.c)
filter-name, provider-name, dispatch--criterion, dispatch-match
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options
FilterChain (mod_filter.c)
list of filter names with optional [+-=!@]
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options
FilterTrace (mod_filter.c)
Debug level
Allowed in *.conf anywhere
FilterProtocol (mod_filter.c)
filter-name [provider-name] protocol-args
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options
DeflateFilterNote (mod_deflate.c)
Set a note to report on compression ratio
Allowed in *.conf only outside <Directory>, <Files> or <Location>
DeflateWindowSize (mod_deflate.c)
Set the Deflate window size (1-15)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
DeflateBufferSize (mod_deflate.c)
Set the Deflate Buffer Size
Allowed in *.conf only outside <Directory>, <Files> or <Location>
DeflateMemLevel (mod_deflate.c)
Set the Deflate Memory Level (1-9)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
DeflateCompressionLevel (mod_deflate.c)
Set the Deflate Compression Level (1-9)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CustomLog (mod_log_config.c)
a file name, a custom log format string or format name, and
an optional "env=" clause (see docs)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
TransferLog (mod_log_config.c)
the filename of the access log
Allowed in *.conf only outside <Directory>, <Files> or <Location>
LogFormat (mod_log_config.c)
a log format string (see docs) and an optional format name
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CookieLog (mod_log_config.c)
the filename of the cookie log
Allowed in *.conf only outside <Directory>, <Files> or <Location>
BufferedLogs (mod_log_config.c)
Enable Buffered Logging (experimental)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ForensicLog (mod_log_forensic.c)
the filename of the forensic log
Allowed in *.conf only outside <Directory>, <Files> or <Location>
PassEnv (mod_env.c)
a list of environment variables to pass to CGI.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
SetEnv (mod_env.c)
an environment variable name and optional value to pass to CGI.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
UnsetEnv (mod_env.c)
a list of variables to remove from the CGI environment.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
SetEnvIf (mod_setenvif.c)
A header-name, regex and a list of variables.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
SetEnvIfNoCase (mod_setenvif.c)
a header-name, regex and a list of variables.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
BrowserMatch (mod_setenvif.c)
A browser regex and a list of variables.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
BrowserMatchNoCase (mod_setenvif.c)
A browser regex and a list of variables.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
SSLMutex (mod_ssl.c)
Valid SSLMutex mechanisms are: `none', `default',
`flock:/path/to/file', `fcntl:/path/to/file', `sysvsem',
`file:/path/to/file', `sem'
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLPassPhraseDialog (mod_ssl.c)
SSL dialog mechanism for the pass phrase query (`builtin',
`|/path/to/pipe_program`, or `exec:/path/to/cgi_program')
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLSessionCache (mod_ssl.c)
SSL Session Cache storage (`none', `nonenotnull', `dbm:/path/to/file')
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLCryptoDevice (mod_ssl.c)
SSL external Crypto Device usage (`builtin', `...')
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLRandomSeed (mod_ssl.c)
SSL Pseudo Random Number Generator (PRNG) seeding source
(`startup|connect builtin|file:/path|exec:/path [bytes]')
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLEngine (mod_ssl.c)
SSL switch for the protocol engine (`on', `off')
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLCipherSuite (mod_ssl.c)
Colon-delimited list of permitted SSL Ciphers (`XXX:...:XXX'
- see manual)
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes AuthConfig
SSLCertificateFile (mod_ssl.c)
SSL Server Certificate file (`/path/to/file' - PEM or DER encoded)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLCertificateKeyFile (mod_ssl.c)
SSL Server Private Key file (`/path/to/file' - PEM or DER encoded)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLCertificateChainFile (mod_ssl.c)
SSL Server CA Certificate Chain file (`/path/to/file' - PEM encoded)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLCACertificatePath (mod_ssl.c)
SSL CA Certificate path (`/path/to/dir' - contains PEM encoded files)
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes AuthConfig
SSLCACertificateFile (mod_ssl.c)
SSL CA Certificate file (`/path/to/file' - PEM encoded)
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes AuthConfig
SSLCADNRequestPath (mod_ssl.c)
SSL CA Distinguished Name path (`/path/to/dir' - symlink
hashes to PEM of acceptable CA names to request)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLCADNRequestFile (mod_ssl.c)
SSL CA Distinguished Name file (`/path/to/file' - PEM encoded
to derive acceptable CA names to request)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLCARevocationPath (mod_ssl.c)
SSL CA Certificate Revocation List (CRL) path (`/path/to/dir'
- contains PEM encoded files)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLCARevocationFile (mod_ssl.c)
SSL CA Certificate Revocation List (CRL) file
(`/path/to/file' - PEM encoded)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLVerifyClient (mod_ssl.c)
SSL Client verify type (`none', `optional', `require',
`optional_no_ca')
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes AuthConfig
SSLVerifyDepth (mod_ssl.c)
SSL Client verify depth (`N' - number of intermediate certificates)
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes AuthConfig
SSLSessionCacheTimeout (mod_ssl.c)
SSL Session Cache object lifetime (`N' - number of seconds)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProtocol (mod_ssl.c)
Enable or disable various SSL
protocols(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLHonorCipherOrder (mod_ssl.c)
Use the server's cipher ordering preference
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLUserName (mod_ssl.c)
Set user name to SSL variable value
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes AuthConfig
SSLProxyEngine (mod_ssl.c)
SSL switch for the proxy protocol engine (`on', `off')
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyProtocol (mod_ssl.c)
SSL Proxy: enable or disable SSL protocol flavors
(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyCipherSuite (mod_ssl.c)
SSL Proxy: colon-delimited list of permitted SSL ciphers
(`XXX:...:XXX' - see manual)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyVerify (mod_ssl.c)
SSL Proxy: whether to verify the remote certificate (`on' or `off')
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyVerifyDepth (mod_ssl.c)
SSL Proxy: maximum certificate verification depth (`N' -
number of intermediate certificates)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyCACertificateFile (mod_ssl.c)
SSL Proxy: file containing server certificates
(`/path/to/file' - PEM encoded certificates)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyCACertificatePath (mod_ssl.c)
SSL Proxy: directory containing server certificates
(`/path/to/dir' - contains PEM encoded certificates)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyCARevocationPath (mod_ssl.c)
SSL Proxy: CA Certificate Revocation List (CRL) path
(`/path/to/dir' - contains PEM encoded files)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyCARevocationFile (mod_ssl.c)
SSL Proxy: CA Certificate Revocation List (CRL) file
(`/path/to/file' - PEM encoded)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyMachineCertificateFile (mod_ssl.c)
SSL Proxy: file containing client certificates
(`/path/to/file' - PEM encoded certificates)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLProxyMachineCertificatePath (mod_ssl.c)
SSL Proxy: directory containing client certificates
(`/path/to/dir' - contains PEM encoded certificates)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SSLOptions (mod_ssl.c)
Set one or more options to configure the SSL
engine(`[+-]option[=value] ...' - see manual)
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Options
SSLRequireSSL (mod_ssl.c)
Require the SSL protocol for the per-directory context (no arguments)
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
SSLRequire (mod_ssl.c)
Require a boolean expression to evaluate to true for granting
access(arbitrary complex boolean expression - see manual)
Allowed in *.conf only inside <Directory>, <Files> or
<Location> and in .htaccess
when AllowOverride includes AuthConfig
SSLLog (mod_ssl.c)
SSLLog directive is no longer supported - use ErrorLog.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
SSLLogLevel (mod_ssl.c)
SSLLogLevel directive is no longer supported - use LogLevel.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
User (prefork.c)
Effective user id for this server
Allowed in *.conf only outside <Directory>, <Files> or <Location>
Group (prefork.c)
Effective group id for this server
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ListenBacklog (prefork.c)
Maximum length of the queue of pending connections, as used
by listen(2)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
Listen (prefork.c)
A port number or a numeric IP address and a port number, and
an optional protocol
Allowed in *.conf only outside <Directory>, <Files> or <Location>
SendBufferSize (prefork.c)
Send buffer size in bytes
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ReceiveBufferSize (prefork.c)
Receive buffer size in bytes
Allowed in *.conf only outside <Directory>, <Files> or <Location>
StartServers (prefork.c)
Number of child processes launched at server startup
Allowed in *.conf only outside <Directory>, <Files> or <Location>
MinSpareServers (prefork.c)
Minimum number of idle children, to handle request spikes
Allowed in *.conf only outside <Directory>, <Files> or <Location>
MaxSpareServers (prefork.c)
Maximum number of idle children
Allowed in *.conf only outside <Directory>, <Files> or <Location>
MaxClients (prefork.c)
Maximum number of children alive at the same time
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ServerLimit (prefork.c)
Maximum value of MaxClients for this run of Apache
Allowed in *.conf only outside <Directory>, <Files> or <Location>
GracefulShutdownTimeout (prefork.c)
Maximum time in seconds to wait for child processes to
complete transactions during shutdown
Allowed in *.conf only outside <Directory>, <Files> or <Location>
KeepAliveTimeout (http_core.c)
Keep-Alive timeout duration (sec)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
MaxKeepAliveRequests (http_core.c)
Maximum number of Keep-Alive requests per connection, or 0 for infinite
Allowed in *.conf only outside <Directory>, <Files> or <Location>
KeepAlive (http_core.c)
Whether persistent connections should be On or Off
Allowed in *.conf only outside <Directory>, <Files> or <Location>
AddCharset (mod_mime.c)
a charset (e.g., iso-2022-jp), followed by one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AddEncoding (mod_mime.c)
an encoding (e.g., gzip), followed by one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AddHandler (mod_mime.c)
a handler name followed by one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AddInputFilter (mod_mime.c)
input filter name (or ; delimited names) followed by one or
more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AddLanguage (mod_mime.c)
a language (e.g., fr), followed by one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AddOutputFilter (mod_mime.c)
output filter name (or ; delimited names) followed by one or
more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AddType (mod_mime.c)
a mime type followed by one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
DefaultLanguage (mod_mime.c)
language to use for documents with no other language file extension
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
MultiviewsMatch (mod_mime.c)
NegotiatedOnly (default), Handlers and/or Filters, or Any
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RemoveCharset (mod_mime.c)
one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RemoveEncoding (mod_mime.c)
one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RemoveHandler (mod_mime.c)
one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RemoveInputFilter (mod_mime.c)
one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RemoveLanguage (mod_mime.c)
one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RemoveOutputFilter (mod_mime.c)
one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RemoveType (mod_mime.c)
one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
TypesConfig (mod_mime.c)
the MIME types config file
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ModMimeUsePathInfo (mod_mime.c)
Set to 'yes' to allow mod_mime to use path info for type checking
Allowed in *.conf only inside <Directory>, <Files> or <Location>
DAV (mod_dav.c)
specify the DAV provider for a directory or location
Allowed in *.conf only inside <Directory>, <Files> or <Location>
DAVMinTimeout (mod_dav.c)
specify minimum allowed timeout
Allowed in *.conf anywhere
DAVDepthInfinity (mod_dav.c)
allow Depth infinity PROPFIND requests
Allowed in *.conf anywhere
ExtendedStatus (mod_status.c)
"On" to enable extended status information, "Off" to disable
Allowed in *.conf only outside <Directory>, <Files> or <Location>
AddIcon (mod_autoindex.c)
an icon URL followed by one or more filenames
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
AddIconByType (mod_autoindex.c)
an icon URL followed by one or more MIME types
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
AddIconByEncoding (mod_autoindex.c)
an icon URL followed by one or more content encodings
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
AddAlt (mod_autoindex.c)
alternate descriptive text followed by one or more filenames
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
AddAltByType (mod_autoindex.c)
alternate descriptive text followed by one or more MIME types
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
AddAltByEncoding (mod_autoindex.c)
alternate descriptive text followed by one or more content encodings
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
IndexOptions (mod_autoindex.c)
one or more index options [+|-][]
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
IndexOrderDefault (mod_autoindex.c)
{Ascending,Descending} {Name,Size,Description,Date}
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
IndexIgnore (mod_autoindex.c)
one or more file extensions
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
AddDescription (mod_autoindex.c)
Descriptive text followed by one or more filenames
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
HeaderName (mod_autoindex.c)
a filename
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
ReadmeName (mod_autoindex.c)
a filename
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
FancyIndexing (mod_autoindex.c)
The FancyIndexing directive is no longer supported. Use
IndexOptions FancyIndexing.
Allowed in *.conf anywhere and in .htaccess
when AllowOverride isn't None
DefaultIcon (mod_autoindex.c)
an icon URL
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
IndexStyleSheet (mod_autoindex.c)
URL to style sheet
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
ScriptLog (mod_cgi.c)
the name of a log for script debugging info
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ScriptLogLength (mod_cgi.c)
the maximum length (in bytes) of the script debug log
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ScriptLogBuffer (mod_cgi.c)
the maximum size (in bytes) to record of a POST request
Allowed in *.conf only outside <Directory>, <Files> or <Location>
DAVLockDB (mod_dav_fs.c)
specify a lock database
Allowed in *.conf only outside <Directory>, <Files> or <Location>
CacheNegotiatedDocs (mod_negotiation.c)
Either 'on' or 'off' (default)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
LanguagePriority (mod_negotiation.c)
space-delimited list of MIME language abbreviations
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
ForceLanguagePriority (mod_negotiation.c)
Force LanguagePriority elections, either None, or Fallback
and/or Prefer
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
DirectoryIndex (mod_dir.c)
a list of file names
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
DirectorySlash (mod_dir.c)
On or Off
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes Indexes
Action (mod_actions.c)
a media type followed by a script name
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
Script (mod_actions.c)
a method followed by a script name
Allowed in *.conf anywhere
UserDir (mod_userdir.c)
the public subdirectory in users' home directories, or
'disabled', or 'disabled username username...', or 'enabled username
username...'
Allowed in *.conf only outside <Directory>, <Files> or <Location>
Alias (mod_alias.c)
a fakename and a realname
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ScriptAlias (mod_alias.c)
a fakename and a realname
Allowed in *.conf only outside <Directory>, <Files> or <Location>
Redirect (mod_alias.c)
an optional status, then document to be redirected and destination URL
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
AliasMatch (mod_alias.c)
a regular expression and a filename
Allowed in *.conf only outside <Directory>, <Files> or <Location>
ScriptAliasMatch (mod_alias.c)
a regular expression and a filename
Allowed in *.conf only outside <Directory>, <Files> or <Location>
RedirectMatch (mod_alias.c)
an optional status, then a regular expression and destination URL
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RedirectTemp (mod_alias.c)
a document to be redirected, then the destination URL
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RedirectPermanent (mod_alias.c)
a document to be redirected, then the destination URL
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RewriteEngine (mod_rewrite.c)
On or Off to enable or disable (default) the whole rewriting engine
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RewriteOptions (mod_rewrite.c)
List of option strings to set
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RewriteBase (mod_rewrite.c)
the base URL of the per-directory context
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RewriteCond (mod_rewrite.c)
an input string and a to be applied regexp-pattern
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RewriteRule (mod_rewrite.c)
an URL-applied regexp-pattern and a substitution URL
Allowed in *.conf anywhere and in .htaccess
when AllowOverride includes FileInfo
RewriteMap (mod_rewrite.c)
a mapname and a filename
Allowed in *.conf only outside <Directory>, <Files> or <Location>
RewriteLock (mod_rewrite.c)
the filename of a lockfile used for inter-process synchronization
Allowed in *.conf only outside <Directory>, <Files> or <Location>
RewriteLog (mod_rewrite.c)
the filename of the rewriting logfile
Allowed in *.conf only outside <Directory>, <Files> or <Location>
RewriteLogLevel (mod_rewrite.c)
the level of the rewriting logfile verbosity (0=none, 1=std, .., 9=max)
Allowed in *.conf only outside <Directory>, <Files> or <Location>
LoadModule (mod_so.c)
a module name and the name of a shared object file to load it from
Allowed in *.conf only outside <Directory>, <Files> or <Location>
LoadFile (mod_so.c)
shared object file or library to load into the server at runtime
Allowed in *.conf only outside <Directory>, <Files> or <Location>